eGW uses now negative id's for groups, this allows to better support ldap (you can have users and groups with identical id's)

This commit is contained in:
Ralf Becker 2005-11-24 19:48:21 +00:00
parent e92bd2b0fb
commit 9606f6ea25
5 changed files with 157 additions and 104 deletions

View File

@ -237,7 +237,7 @@
}
elseif ($param['type'] == 'owngroups')
{
$group = -1;
$group = true;
$param['type'] = 'groups';
}
$start = $param['start'];
@ -269,7 +269,7 @@
}
if ($group)
{
$members = $group > 0 ? $GLOBALS['egw']->acl->get_ids_for_location($group, 1, 'phpgw_group') :
$members = is_int($group) ? $GLOBALS['egw']->acl->get_ids_for_location($group, 1, 'phpgw_group') :
$GLOBALS['egw']->acl->get_location_list_for_id('phpgw_group', 1,$GLOBALS['egw_info']['user']['account_id']);
if (!$members) $members = array();
$valid = !$app ? $members : array_intersect($valid,$members); // use the intersection
@ -303,7 +303,7 @@
/**
* Searches / lists accounts: users and/or groups
*
* @deprecated
* @deprecated use search
*/
function get_list($_type='both',$start = '',$sort = '', $order = '', $query = '', $offset = '',$query_type='')
{
@ -487,23 +487,17 @@
return $membership_list[$account_id];
}
$security_equals = Array();
$security_equals = $GLOBALS['egw']->acl->get_location_list_for_id('phpgw_group', 1, $account_id);
if ($security_equals == False)
if(!($gids = $GLOBALS['egw']->acl->get_location_list_for_id('phpgw_group', 1, $account_id)))
{
return $membership_list[$account_id] = False;
}
$this->memberships = Array();
for ($idx=0; $idx<count($security_equals); $idx++)
$memberships = Array();
foreach($gids as $gid)
{
$groups = (int)$security_equals[$idx];
$this->memberships[] = Array('account_id' => $groups, 'account_name' => $this->id2name($groups));
$memberships[] = Array('account_id' => $gid, 'account_name' => $this->id2name($gid));
}
return $membership_list[$account_id] = $this->memberships;
return $membership_list[$account_id] = $memberships;
}
/**
@ -515,25 +509,27 @@
*/
function member($accountid = '')
{
$this->setup_cache();
$member_list = &$this->cache['member_list'];
$account_id = get_account_id($accountid);
$security_equals = Array();
$acl =& CreateObject('phpgwapi.acl');
$security_equals = $acl->get_ids_for_location($account_id, 1, 'phpgw_group');
unset($acl);
if ($security_equals == False)
if (isset($member_list[$account_id]))
{
return False;
return $member_list[$account_id];
}
for ($idx=0; $idx<count($security_equals); $idx++)
if (!($uids = $GLOBALS['egw']->acl->get_ids_for_location($account_id, 1, 'phpgw_group')))
{
$name = $this->id2name((int)$security_equals[$idx]);
$this->members[] = Array('account_id' => (int)$security_equals[$idx], 'account_name' => $name);
return $member_list[$account_id] = False;
}
return $this->members;
$members = array();
foreach ($uids as $uid)
{
$members[] = Array('account_id' => $uid, 'account_name' => $this->id2name($uid));
}
return $member_list[$account_id] = $members;
}
/**
@ -620,7 +616,7 @@
);
foreach($app_users as $id)
{
$type = $GLOBALS['egw']->accounts->get_type($id);
$type = $this->get_type($id);
if($type == 'g')
{
$accounts['groups'][$id] = $id;
@ -662,7 +658,7 @@
/**
* phpgw compatibility function, better use split_accounts
*
* @deprecated
* @deprecated use split_accounts
*/
function return_members($accounts)
{
@ -732,25 +728,9 @@
*/
function get_type($accountid)
{
$this->setup_cache();
$account_type = &$this->cache['account_type'];
$account_id = get_account_id($accountid);
if (isset($this->account_type) && $account_id == $this->account_id)
{
return $this->account_type;
}
if(@isset($account_type[$account_id]) && @$account_type[$account_id])
{
return $account_type[$account_id];
}
elseif($account_id == '')
{
return False;
}
return $account_type[$account_id] = accounts_::get_type($account_id);
return $account_id > 0 ? 'u' : ($account_id < 0 ? 'g' : false);
}
/**

View File

@ -36,6 +36,15 @@
var $group_context = '';
var $total;
var $requiredObjectClasses = array(
'user' => array(
'top','organizationalperson','inetorgperson','posixaccount','shadowaccount','phpgwaccount'
),
'group' => array(
'top','posixgroup','phpgwaccount'
)
);
function accounts_()
{
$this->ds = $GLOBALS['egw']->common->ldapConnect();
@ -54,7 +63,7 @@
/* search the dn for the given uid */
if(($acct_type == 'g') && $this->group_context)
{
$sri = ldap_search($this->ds, $this->group_context, 'gidnumber=' . (int)$this->account_id);
$sri = ldap_search($this->ds, $this->group_context, 'gidnumber=' . abs((int)$this->account_id));
}
else
{
@ -65,7 +74,7 @@
/* Now dump it into the array; take first entry found */
if($acct_type =='g')
{
$this->data['account_id'] = $allValues[0]['gidnumber'][0];
$this->data['account_id'] = -$allValues[0]['gidnumber'][0];
$this->data['account_lid'] = $allValues[0]['cn'][0];
$this->data['firstname'] = $GLOBALS['egw']->translation->convert($allValues[0]['cn'][0],'utf-8');
$this->data['lastname'] = lang('Group');
@ -73,7 +82,7 @@
else
{
$this->data['account_id'] = $allValues[0]['uidnumber'][0];
$this->data['account_primary_group'] = $allValues[0]['gidnumber'][0];
$this->data['account_primary_group'] = -$allValues[0]['gidnumber'][0];
$this->data['account_lid'] = $allValues[0]['uid'][0];
$this->data['firstname'] = $GLOBALS['egw']->translation->convert($allValues[0]['givenname'][0],'utf-8');
$this->data['lastname'] = $GLOBALS['egw']->translation->convert($allValues[0]['sn'][0],'utf-8');
@ -103,13 +112,13 @@
function save_repository()
{
#_debug_array($this->data);
$acct_type = $this->get_type($this->account_id);
/* search the dn for the given u/gidnumber */
if(($acct_type == 'g') && $this->group_context)
{
$sri = ldap_search($this->ds, $this->group_context, 'gidnumber=' . (int)$this->account_id);
$sri = ldap_search($this->ds, $this->group_context, 'gidnumber=' . abs((int)$this->account_id));
}
else
{
@ -158,7 +167,7 @@
}
if($this->data['account_primary_group'])
{
$newData['gidnumber'] = $this->data['account_primary_group'];
$newData['gidnumber'] = abs($this->data['account_primary_group']);
}
if($this->data['lastlogin'])
{
@ -189,6 +198,15 @@
$newData['mail'] = $this->data['email'];
}
// check that we have all required objectclasses
unset($allValues[0]['objectclass']['count']);
// convert all values to lowercase
$currentObjectClasses = array_flip(array_change_key_case(array_flip($allValues[0]['objectclass'])));
$missingObjectClasses = array_diff($this->requiredObjectClasses['user'],$currentObjectClasses);
if(count($missingObjectClasses) > 0)
{
$newData['objectclass'] = array_merge($currentObjectClasses, $missingObjectClasses);
}
$newAccountID = $newData['uid'];
$oldAccountID = $newData['uid'];
}
@ -199,7 +217,7 @@
$this->data['account_lid'],
$GLOBALS['egw']->translation->charset(), 'utf-8'
);
$newData['gidnumber'] = $this->account_id;
$newData['gidnumber'] = abs($this->account_id);
$newGroupID = $newData['cn'];
$oldGroupID = $newData['cn'];
}
@ -362,7 +380,7 @@
foreach($this->data['account_groups'] as $key => $value)
{
// search for the group
$filter = 'gidnumber=' . (int)$value;
$filter = 'gidnumber=' . abs((int)$value);
$justThese = array('memberuid');
$sri = ldap_search($this->ds, $this->group_context, $filter, $justThese);
if($sri)
@ -401,7 +419,7 @@
$account_id = get_account_id($accountid);
$account_lid = $this->id2name((int)$account_id);
$filter = 'gidnumber=' . (int)$account_id;
$filter = 'gidnumber=' . abs((int)$account_id);
$sri = ldap_search($this->ds, $this->group_context, $filter);
if($sri)
{
@ -453,7 +471,7 @@
}
}
function get_list($_type='both', $start = '',$sort = '', $order = '', $query = '', $offset = '',$query_type='')
function get_list($_type='both', $start = '',$sort = '', $order = '', $query = '', $offset = '', $query_type='')
{
//print "\$_type=$_type, \$start=$start , \$sort=$sort, \$order=$order, \$query=$query, \$offset=$offset, \$query_type=$query_type<br>";
$query = strtolower($query);
@ -530,7 +548,7 @@
if (!$GLOBALS['egw_info']['server']['global_denied_groups'][$test] && $allVals['cn'][0])
{
$accounts[] = Array(
'account_id' => $allVals['gidnumber'][0],
'account_id' => -$allVals['gidnumber'][0],
'account_lid' => $allVals['cn'][0],
'account_type' => $allVals['phpgwaccounttype'][0],
'account_firstname' => $GLOBALS['egw']->translation->convert($allVals['givenname'][0],'utf-8'),
@ -549,7 +567,6 @@
}
$sortedAccounts = $arrayFunctions->arfsort($accounts,explode(',',$order),$sort);
$this->total = count($accounts);
// return only the wanted accounts
if (is_array($sortedAccounts))
{
@ -579,7 +596,7 @@
if (@$allValues[0]['gidnumber'][0])
{
return (int)$allValues[0]['gidnumber'][0];
return -(int)$allValues[0]['gidnumber'][0];
}
}
$to_ldap = array(
@ -605,7 +622,7 @@
if ($which == 'account_lid' || $which == 'account_type') // groups only support account_lid and account_type
{
$allValues = array();
$sri = ldap_search($this->ds, $this->group_context, '(&(gidnumber=' . (int)$account_id . ')(phpgwaccounttype=g))');
$sri = ldap_search($this->ds, $this->group_context, '(&(gidnumber=' . abs((int)$account_id) . ')(phpgwaccounttype=g))');
$allValues = ldap_get_entries($this->ds, $sri);
$attr = $which == 'account_lid' ? 'cn' : 'phpgwaccounttype';
@ -634,28 +651,6 @@
return False;
}
function get_type($account_id)
{
$allValues = array();
$sri = ldap_search($this->ds, $this->user_context, '(&(uidnumber=' . (int)$account_id . ')(phpgwaccounttype=u))');
$allValues = ldap_get_entries($this->ds, $sri);
if ($allValues[0]['phpgwaccounttype'][0])
{
return $allValues[0]['phpgwaccounttype'][0];
}
$allValues = array();
$sri = ldap_search($this->ds, $this->group_context, '(&(gidnumber=' . (int)$account_id . ')(phpgwaccounttype=g))');
$allValues = ldap_get_entries($this->ds, $sri);
if ($allValues[0]['phpgwaccounttype'][0])
{
return $allValues[0]['phpgwaccounttype'][0];
}
return False;
}
/*
* returns nonzero if $account exists in LDAP: 0: nowhere 1: user accounts, 2: group accounts, 3: both
* $account can be an account_id (LDAP: uidnumber) or an account_lid (LDAP: uid) (is determinded by ettype($account) == 'integer')
@ -667,13 +662,12 @@
$users = array();
$groups = array();
if(is_int($account))
if(is_numeric($account))
{
$ldapgroup = 'gidnumber';
$ldapacct = 'uidnumber';
$account = (int)$account;
/* If data is cached, use it. */
if(@isset($by_id[$account]) && @$by_id[$account])
if(isset($by_id[$account]))
{
return $by_id[$account];
}
@ -693,7 +687,7 @@
if ($acct_type == 'g' && $this->group_context)
{
$sri = ldap_search($this->ds, $this->group_context, $ldapgroup . '=' . $account);
$sri = ldap_search($this->ds, $this->group_context, $ldapgroup . '=' . abs($account));
$groups = ldap_get_entries($this->ds, $sri);
}
$sri = ldap_search($this->ds, $this->user_context, $ldapacct . '=' . $account);
@ -718,7 +712,6 @@
$by_lid[$account] = $in;
$by_id[$this->name2id($account)] = $in;
}
return $in;
}
@ -732,7 +725,7 @@
}
else
{
$account_id = $account_info['account_id'];
$account_id = abs($account_info['account_id']);
}
$entry['userpassword'] = $account_info['account_passwd'];
$entry['phpgwaccounttype'] = $account_info['account_type'];
@ -817,6 +810,7 @@
$dn = 'cn='.$account_info['account_lid'] . ',' . $this->group_context;
unset($entry['homedirectory']);
unset($entry['loginshell']);
unset($entry['userpassword']);
$entry['objectclass'][0] = 'top';
$entry['objectclass'][1] = 'posixGroup';
$entry['objectclass'][2] = 'phpgwAccount';
@ -863,7 +857,7 @@
}
$entry['uid'] = $account_info['account_lid'];
$entry['uidnumber'] = $account_id;
$entry['gidnumber'] = $account_info['account_primary_group'];
$entry['gidnumber'] = abs($account_info['account_primary_group']);
$entry['userpassword'] = $GLOBALS['egw']->common->encrypt_password($account_info['account_passwd']);
$entry['objectclass'][0] = 'top';
$entry['objectclass'][1] = 'person';
@ -936,8 +930,15 @@
$GLOBALS['egw']->preferences->create_defaults($account_id);
}
if($account_info['account_type'] == 'g')
{
return -$account_id;
}
else
{
return $account_id;
}
}
function auto_add($accountname, $passwd, $default_prefs = False, $default_acls = False, $expiredate = 0, $account_status = 'A')
{
@ -969,11 +970,11 @@
$default_group_id = $this->name2id($GLOBALS['egw_info']['server']['default_group_lid']);
if (!$default_group_id)
{
$default_group_id = (int) $this->name2id('Default');
$default_group_id = abs((int)$this->name2id('Default'));
}
$primary_group = $GLOBALS['auto_create_acct']['primary_group'] &&
$this->get_type((int)$GLOBALS['auto_create_acct']['primary_group']) == 'g' ?
(int) $GLOBALS['auto_create_acct']['primary_group'] : $default_group_id;
(int)$GLOBALS['auto_create_acct']['primary_group'] : $default_group_id;
$acct_info = array(
'account_lid' => $accountname,
@ -1063,7 +1064,7 @@
/* search the dn for the given uid */
if(($acct_type == 'g') && $this->group_context)
{
$sri = ldap_search($this->ds, $this->group_context, 'gidnumber=' . (int)$account_id);
$sri = ldap_search($this->ds, $this->group_context, 'gidnumber=' . abs((int)$account_id));
}
else
{
@ -1109,10 +1110,10 @@
$entry['phpgwaccountlastloginfrom'] = $ip;
$sri = ldap_search($this->ds, $GLOBALS['egw_info']['server']['ldap_context'], 'uidnumber=' . (int)$_account_id);
$allValues = ldap_get_entries($ds, $sri);
$allValues = ldap_get_entries($this->ds, $sri);
$dn = $allValues[0]['dn'];
@ldap_modify($ds, $dn, $entry);
@ldap_modify($this->ds, $dn, $entry);
return $allValues[0]['phpgwaccountlastlogin'][0];
}

View File

@ -260,11 +260,6 @@
return False;
}
function get_type($account_id)
{
return $this->id2name($account_id,'account_type');
}
function exists($account_lid)
{
static $by_id, $by_lid;
@ -324,7 +319,14 @@
}
$this->db->insert($this->table,$account_data,False,__LINE__,__FILE__);
return $this->db->get_last_insert_id($this->table,'account_id');
$id = $account_data['account_id'] ? $account_data['account_id'] : $this->db->get_last_insert_id($this->table,'account_id');
if ($id > 0)
{
$this->db->update($this->table,array('account_id' => -$id),array('account_id' => $id),__LINE__,__FILE__);
return -$id;
}
return $id;
}
function auto_add($accountname, $passwd, $default_prefs = False, $default_acls = False, $expiredate = 0, $account_status = 'A')
@ -387,9 +389,7 @@
$this->db->transaction_begin();
$this->create($acct_info); /* create the account */
$accountid = $this->name2id($accountname); /* grab the account id or an error code */
$accountid = $this->create($acct_info); /* create the account */
if ($accountid) /* begin account setup */
{

View File

@ -14,7 +14,7 @@
/* Basic information about this app */
$setup_info['phpgwapi']['name'] = 'phpgwapi';
$setup_info['phpgwapi']['title'] = 'eGroupWare API';
$setup_info['phpgwapi']['version'] = '1.0.1.029';
$setup_info['phpgwapi']['version'] = '1.2';
$setup_info['phpgwapi']['versions']['current_header'] = '1.28';
$setup_info['phpgwapi']['enable'] = 3;
$setup_info['phpgwapi']['app_order'] = 1;

View File

@ -907,4 +907,76 @@
return $GLOBALS['setup_info']['phpgwapi']['currentver'] = '1.0.1.029';
}
$test[] = '1.0.1.029';
function phpgwapi_upgrade1_0_1_029()
{
// convert all positive group id's to negative ones
// this allows duplicate id for users and groups in ldap
$GLOBALS['egw_setup']->db->select($GLOBALS['egw_setup']->config_table,'config_value',array(
'config_name' => 'account_repository',
'config_app' => 'phpgwapi',
),__LINE__,__FILE__);
if($GLOBALS['egw_setup']->db->next_record() && $GLOBALS['egw_setup']->db->f('config_value') == 'ldap')
{
$GLOBALS['egw_setup']->db->select($GLOBALS['egw_setup']->acl_table,'DISTINCT acl_location',array(
'acl_appname' => 'phpgw_group',
'acl_location > 0',
),__LINE__,__FILE__);
}
else
{
$GLOBALS['egw_setup']->db->select($GLOBALS['egw_setup']->accounts_table,'account_id',array(
'account_type' => 'g',
'account_id > 0',
),__LINE__,__FILE__);
}
$groupIDs = array();
while($GLOBALS['egw_setup']->db->next_record())
{
$groupIDs[] = $GLOBALS['egw_setup']->db->f(0);
}
$tables = array();
foreach($GLOBALS['egw_setup']->db->table_names() as $data)
{
$tables[] = $data['table_name'];
}
foreach(array(
array('egw_acl','acl_location'),
array('egw_acl','acl_account'),
array('egw_accounts','account_id',"account_type='g'"),
array('egw_accounts','account_primary_group',"account_type='u'"),
array('egw_cal_user','cal_user_id',"cal_user_type='u'"),
array('egw_wiki_pages','wiki_readable',true),
array('egw_wiki_pages','wiki_writable',true),
) as $data)
{
$where = false;
list($table,$col,$where) = $data;
if (!in_array($table,$tables)) continue; // app is not installed
if ($col == 'acl_location') // varchar not int!
{
$set = $col.'='.$GLOBALS['egw_setup']->db->concat("'-'",$col);
$in = "$col IN ('".implode("','",$groupIDs)."')";
}
else
{
$set = "$col=-$col";
$in = "$col IN (".implode(',',$groupIDs).')';
}
if ($where === true)
{
$in = '';
$where = '1=1';
}
$query = "UPDATE $table SET $set WHERE $in".($in && $where ? ' AND ' : '').$where;
//echo "<p>$query</p>\n";
$GLOBALS['egw_setup']->db->query($query,__LINE__,__FILE__);
}
return $GLOBALS['setup_info']['phpgwapi']['currentver'] = '1.2';
}
?>